From a9302c490f6453fb988cb375c570d8a5cd8a5035 Mon Sep 17 00:00:00 2001
From: Timm Fitschen <timm.fitschen@ds.mpg.de>
Date: Tue, 4 Dec 2018 13:25:43 +0100
Subject: [PATCH] FIX: try anonymous login when session token is invalid

---
 src/main/java/caosdb/server/CaosAuthenticator.java | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/src/main/java/caosdb/server/CaosAuthenticator.java b/src/main/java/caosdb/server/CaosAuthenticator.java
index f2b616cf..efe02c15 100644
--- a/src/main/java/caosdb/server/CaosAuthenticator.java
+++ b/src/main/java/caosdb/server/CaosAuthenticator.java
@@ -60,16 +60,15 @@ public class CaosAuthenticator extends Authenticator {
       if (sessionToken != null) {
         subject.login(sessionToken);
       }
-
-      // anonymous users
-      if (!subject.isAuthenticated()
-          && CaosDBServer.getServerProperty(ServerProperties.KEY_AUTH_OPTIONAL)
-              .equalsIgnoreCase("TRUE")) {
-        subject.login(AuthenticationUtils.ANONYMOUS_USER);
-      }
     } catch (AuthenticationException e) {
       logger.log(Level.INFO, "LOGIN_FAILED", e);
     }
+    // anonymous users
+    if (!subject.isAuthenticated()
+        && CaosDBServer.getServerProperty(ServerProperties.KEY_AUTH_OPTIONAL)
+        .equalsIgnoreCase("TRUE")) {
+      subject.login(AuthenticationUtils.ANONYMOUS_USER);
+    }
     return subject.isAuthenticated();
   }
 
-- 
GitLab